As network and computer technology has developed, the security of stored and exchanged data has become more and more important, and encryption has long been used to protect both. To let both sides of a network data exchange confirm each other's identity, digital signature systems have matured as well.

GnuPG is a set of tools for encrypting data and making signatures, and it works like PGP. PGP, however, uses a number of proprietary algorithms, which fall under the notorious U.S. export restrictions. GnuPG is GPL software and does not use any patented encryption algorithm, so it can be used more freely.

Specifically, GnuPG is a toolset for secure communication and data storage that can be used to encrypt data and to create digital signatures. Functionally it is the same as PGP. Because PGP uses the patented IDEA algorithm, using PGP can be problematic; GnuPG does not use this algorithm, so there is no restriction on its use. GnuPG uses asymmetric encryption, which gives a high degree of security. In asymmetric encryption each user has a pair of keys: a public key and a private key. The private key is kept by the user; the public key is distributed as widely as possible so that others can communicate with you.
Download address: http://down.51cto.com/data/148107

GnuPG has the following characteristics:

- Fully compatible with PGP
- Uses no proprietary algorithms, so there are no patent issues
- Follows the GNU Public License
- Compatible with OpenPGP
- Widely used; security is higher than PGP 2; can encrypt and verify PGP 5.x format messages
- Supports a variety of encryption algorithms
- Supports extension modules
- User identities follow the standard structure
- Multilanguage support (Chinese is not yet supported)
- Online help system
- Supports anonymous message recipients
- Supports HKP key servers
- Supported by numerous GUI front ends

The GnuPG source code can be obtained from http://www.gnu.org/download.html.

GnuPG installation

First get the GnuPG source code, then do the following:

1. Extract the source package:

    [kerberos@dev9] tar xvzf gnupg-version.tar.gz
    [kerberos@dev9] cd gnupg-version
    [kerberos@dev9 gnupg-version] ./configure

2. Compile the source code:

    [kerberos@dev9 gnupg-version] make

3. Verify the generated tools:

    [kerberos@dev9 gnupg-version] make check

4. Prepare to install:

    [kerberos@dev9 gnupg-version] su

5. Install the toolkit:

    [root@dev9 gnupg-version] make install

Using GnuPG commands

1. Generate a key pair

You must generate a key pair (public and private key) before using GnuPG. The "--gen-key" option generates a key pair. Proceed as follows.

    [root@dev9 /]# gpg --gen-key
    gpg (GnuPG) 1.0.2; Copyright (C) Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.
    gpg: /root/.gnupg: directory created
    gpg: /root/.gnupg/options: new options file created
    gpg: you have to start GnuPG again, so it can read the new options file

Then run the command above again.
    gpg (GnuPG) 1.0.2; Copyright (C) Free Software Foundation, Inc.
    This program comes with ABSOLUTELY NO WARRANTY.
    This is free software, and you are welcome to redistribute it
    under certain conditions. See the file COPYING for details.
    gpg: /root/.gnupg: directory created
    gpg: /root/.gnupg/options: new options file created
    gpg: you have to start GnuPG again, so it can read the new options file
    Please select what kind of key you want:
       (1) DSA and ElGamal (default)
       (2) DSA (sign only)
       (4) ElGamal (sign and encrypt)
    Your selection? 1
    DSA keypair will have 1024 bits.
    About to generate a new ELG-E keypair.
                  minimum keysize is  768 bits
                  default keysize is 1024 bits
        highest suggested keysize is 2048 bits
    What keysize do you want? (1024) 2048
    Do you really need such a large keysize? y
    Requested keysize is 2048 bits
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0) 0
    Key does not expire at all
    Is this correct (y/n)? y

You need a user ID to identify your key. GnuPG can generate a user ID based on your real name, comment, and e-mail address.

    Real name: Kerberos
    Email address: kerberos@minigui.org
    Comment: Unix/Linux consultant
    You selected this USER-ID:
        "Kerberos (Unix Consultant) <kerberos@minigui.org>"
    Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
    You need a passphrase to protect your key.
    Enter passphrase: [enter a passphrase]

While generating the key, GnuPG needs some random numbers. They are derived from the current state of your system, so at this point you can type randomly on the keyboard or move the mouse to help produce high-quality random numbers.

GnuPG asks you to choose the algorithm for the key you want to generate.
    Please select what kind of key you want:
       (1) DSA and ElGamal (default)
       (2) DSA (sign only)
       (4) ElGamal (sign and encrypt)
    Your selection?

GnuPG can generate several kinds of key pair; three options are offered here. DSA keys are the most basic key format for generating signatures. ElGamal key pairs can be used for encryption. The second option is similar to the first but generates only a DSA key pair, and the third option generates an ElGamal key pair used for both signing and encryption. For most users the default selection is the convenient choice.

Next, select the length of the key. The length of a DSA key is between 512 and 1024 bits, and the length of an ElGamal key is unlimited.

    About to generate a new ELG-E keypair.
                  minimum keysize is  768 bits
                  default keysize is 1024 bits
        highest suggested keysize is 2048 bits
    What keysize do you want? (1024)

A long key has both advantages and disadvantages. Its security is undoubtedly very high, but it slows down encryption, and a key that is too long also makes the signature larger.

The default key length of 1024 bits is sufficient. Once the key length has been chosen, it can no longer be changed.

Finally, you need to specify the validity period of the key pair. Whether you generate ElGamal or DSA key pairs, the expiration date of the key pair must be specified.

    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0)

For most users a key pair with no expiration date is acceptable. Although you can change the validity period of a key pair after it has been created, it is still prudent to choose this parameter carefully: once the public key has been sent out, it is difficult to change the copies of your public key that other users hold.
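The key length and expiry chosen at these prompts can be checked afterwards from GnuPG's machine-readable key listing. The script below is an added example, not part of the original guide: it reads `gpg --list-keys --with-colons` records and flags keys shorter than a minimum length or without an expiry date. The embedded listing, its key IDs and the 2048-bit threshold are constructed assumptions.

```shell
#!/bin/sh
# Added example: audit a `gpg --list-keys --with-colons` listing.
# Colon-record fields used here (GnuPG doc/DETAILS):
#   1=record type  3=key length  4=algorithm id  5=key id  7=expiry (empty = never)

MIN_BITS=2048   # assumption: local policy threshold, not a value from the guide

# Constructed sample listing (not real keys): the 1024-bit DSA / 2048-bit
# ELG-E pair that the walkthrough's answers produce, plus a key that expires.
sample_listing() {
cat <<'EOF'
pub:u:1024:17:AAAAAAAA11111111:2000-08-01:::u:Kerberos (Unix Consultant) <kerberos@minigui.org>::scESC:
sub:u:2048:16:AAAAAAAA22222222:2000-08-01::::::e:
pub:f:4096:1:BBBBBBBB33333333:1700000000:1900000000::-:::scESC:
uid:f::::1700000000::0000::Example Signer <signer@example.invalid>:
EOF
}

# audit_keys: read a colon listing on stdin and print one finding per line:
#   <keyid> <algorithm> <bits> <SHORT_KEY|NO_EXPIRY>
audit_keys() {
    awk -F: -v min="$MIN_BITS" '
        BEGIN { name[1]="RSA"; name[16]="ELG-E"; name[17]="DSA"; name[20]="ELG" }
        $1 == "pub" || $1 == "sub" {
            algo = ($4 in name) ? name[$4] : "algo" $4
            if ($3 + 0 < min) print $5, algo, $3, "SHORT_KEY"
            if ($7 == "")     print $5, algo, $3, "NO_EXPIRY"
        }'
}

# count_findings <finding>: number of sample keys carrying that finding.
count_findings() {
    sample_listing | audit_keys | awk -v f="$1" '$4 == f { n++ } END { print n + 0 }'
}

sample_listing | audit_keys
```

Against a real keyring, pipe `gpg --list-keys --with-colons` into `audit_keys` instead of the sample.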
Next you need to provide a user ID. For signing, the public key must be bound to a user identity to prove your true identity.

    You need a User-ID to identify your key; the software constructs the user id
    from Real Name, Comment and Email Address in this form:
        "Kerberos (Linux Consultant) <kerberos@minigui.org>"

    Real name: your user name
    Email address: your e-mail address
    Comment: a comment

Finally, GnuPG needs a passphrase for the private key, which is kept by the user.

    Enter passphrase: enter the key passphrase

The purpose of this passphrase is to encrypt your private key, so that even if someone steals your private key, they cannot use it without the passphrase. The length of the passphrase is unlimited, but a short passphrase is easy to crack. Similarly, a passphrase that is a single word can easily be cracked.

2. Revocation certificate

As soon as your key pair has been generated, you should create a revocation certificate for the public key. If you forget the passphrase of your private key, or your private key is lost or stolen, you can publish this certificate to declare that the previous public key is no longer valid. The option that generates a revocation certificate is "--gen-revoke".

    [root@dev9 /]# gpg --output revoke.asc --gen-revoke mykey

Here the mykey parameter is any identifier that designates the key. The resulting revocation certificate is placed in the file revoke.asc. Once the revocation certificate has been published, the previous certificate can no longer be used by other users, and the previous public key is invalidated.

3. Listing keys

List the keys with the --list-keys option:

    [root@dev9 /]# gpg --list-keys

4. Exporting the public key

You can export your public key to publish it on your home page, put it on a key server, or distribute it in some other way. Before the public key can be used this way, you must first export it.
The --export option does this. When you use it, you must also supply additional options that indicate which public key to export.

The following command exports the public key in binary format:

    [root@dev9 /]# gpg --output kapil.gpg --export kerberos@minigui.org

The following command exports it in ASCII format:

    [root@dev9 /]# gpg --armor --export kerberos@minigui.org > kerberos-key.asc

5. Importing a public key

You can import public keys from a third party's public key database into your own keyring and use them when communicating with others.

    [root@dev9 /]# gpg --import <filename>

where the filename parameter is a public key file.

For example, import Red Hat's public key; redhat.asc can be downloaded from Red Hat's home page.

    [root@dev9 /]# gpg --import redhat.asc
    gpg: key 9B4A4024: public key imported
    gpg: /root/.gnupg/trustdb.gpg: trustdb created
    gpg: Total number processed: 1
    gpg:               imported: 1

6. Confirming the key

After importing a key, use its digital fingerprint to verify that the certificate is legitimate. View the fingerprint with the --fingerprint option.

    [root@dev9 /]# gpg --fingerprint <UID>

where UID is the public key you want to verify.

7. Key signing

After importing a key, you can sign it with the --sign-key option. The purpose of signing is to state that you fully trust the legitimacy of this certificate.

For example:

    [root@dev9 /]# gpg --sign-key <UID>

where UID is the public key to be signed.

8. Checking the signature

Use the --check-sigs option to check the signature made on the key above.

    [root@dev9 /]# gpg --check-sigs <UID>

This option lists all the signatures on the key.

9. Encryption and decryption

Encrypting and decrypting a file is very easy. If you want to send an encrypted file to Red Hat, you can encrypt the file with Red Hat's public key, and only Red Hat can decrypt and view it, using its own private key.
To encrypt a file, use the following command:

    [root@dev9 /]# gpg -sear <UID> <file>

where UID is the other party's public key and file is the file you want to encrypt. The option string -sear combines the short options -s (sign), -e (encrypt), -a (ASCII armor) and -r (recipient).

To decrypt a file that another user has sent to you, use the following command:

    [root@dev9 /]# gpg -d <file>

where file is the file you want to decrypt. During decryption, GnuPG prompts you for the passphrase required to use the private key, which is the passphrase you entered when the key pair was generated.
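Before signing an imported key (step 7) or encrypting to it (step 9), the fingerprint shown in step 6 should match a copy obtained through a separate channel. The script below is an added example, not part of the original guide: it compares the primary-key fingerprint from `gpg --with-colons --fingerprint <UID>` output with the expected value and refuses short key IDs such as the 8-digit one printed at import. The sample listing, its fingerprint and the function names are constructed, and 40-hex-digit (v4) fingerprints are assumed.

```shell
#!/bin/sh
# Added example: exact fingerprint comparison before trusting an imported key.

# Constructed sample of `gpg --with-colons --fingerprint <UID>` output.
sample_key() {
cat <<'EOF'
pub:-:1024:17:0123456789ABCDEF:2000-08-01:::-:Example Vendor <security@example.invalid>::scESC:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
sub:-:2048:16:FEDCBA9876543210:2000-08-01::::::e:
EOF
}

# normalize <text>: strip spaces, tabs and colons, then upper-case hex digits,
# so a fingerprint read from a web page or business card compares cleanly.
normalize() {
    printf '%s' "$1" | tr -d ' \t:' | tr 'abcdef' 'ABCDEF'
}

# primary_fpr: print field 10 of the first fpr record after the pub record,
# which is the primary key's fingerprint.
primary_fpr() {
    awk -F: '$1 == "pub" { seen = 1; next }
             seen && $1 == "fpr" { print $10; exit }'
}

# verify_fpr <expected>: reads a colon listing on stdin.
# Returns 0 on exact match, 1 on mismatch, 2 if <expected> is not a full
# 40-hex-digit fingerprint (assumption: v4 keys; short key IDs are rejected).
verify_fpr() {
    expected=$(normalize "$1")
    case "$expected" in
        *[!0-9A-F]*) return 2 ;;
    esac
    [ "${#expected}" -eq 40 ] || return 2
    actual=$(primary_fpr)
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

sample_key | verify_fpr "AAAA BBBB CCCC DDDD EEEE  FFFF 0123 4567 89AB CDEF" \
    && echo "fingerprint matches"
```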